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Certificate ::= SEQUENCE {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING }



TBSCertificate ::= SEQUENCE {
    version               [0]  Version DEFAULT v1,
    serialNumber               CertificateSerialNumber,
    signature                  AlgorithmIdentifier,
    issuer                     Name,
    validity                   Validity,
    subject                    Name,
    subjectPublicKeyInfo       SubjectPublicKeyInfo,
    issuerUniqueID        [1]  IMPLICIT UniqueIdentifier OPTIONAL,
    subjectUniqueID       [2]  IMPLICIT UniqueIdentifier OPTIONAL,
    extensions            [3]  Extensions OPTIONAL }



Version ::= INTEGER { v1(0), v2(1), v3(2) }



CertificateSerialNumber ::= INTEGER

Validity ::= SEQUENCE {
    notBefore    Time,
    notAfter     Time }

Time ::= CHOICE {
    utcTime      UTCTime,
    generalTime  GeneralizedTime }

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm         AlgorithmIdentifier,
    subjectPublicKey  BIT STRING }



Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

Extension ::= SEQUENCE {
    extnID      OBJECT IDENTIFIER,
    critical    BOOLEAN DEFAULT FALSE,
    extnValue   OCTET STRING }
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AttributeCertificate ::= SEQUENCE {
    acinfo               AttributeCertificateInfo,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING
}



AttributeCertificateInfo ::= SEQUENCE {
    version                 AttCertVersion DEFAULT v1,
    holder                  Holder,
    issuer                  AttCertIssuer,
    signature               AlgorithmIdentifier,
    serialNumber            CertificateSerialNumber,
    attrCertValidityPeriod  AttCertValidityPeriod,
    attributes              SEQUENCE OF Attribute,
    issuerUniqueID          UniqueIdentifier OPTIONAL,
    extensions              Extensions OPTIONAL
}



AttCertVersion ::= INTEGER { v1(0), v2(1) }



Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
            -- the issuer and serial number of
            -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
            -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
            -- if present, version must be v2
}



ObjectDigestInfo ::= SEQUENCE {
    digestedObjectType  ENUMERATED {
            publicKey            (0),
            publicKeyCert        (1),
            otherObjectTypes     (2) },
                    -- otherObjectTypes MUST NOT
                    -- be used in this profile
    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
    digestAlgorithm     AlgorithmIdentifier,
    objectDigest        BIT STRING
}
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AttCertIssuer ::= CHOICE {
    v1Form   GeneralNames,  -- v1 or v2
    v2Form   [0] V2Form     -- v2 only
}

V2Form ::= SEQUENCE {
    issuerName            GeneralNames OPTIONAL,
    baseCertificateID     [0] IssuerSerial OPTIONAL,
    objectDigestInfo      [1] ObjectDigestInfo OPTIONAL
    -- at least one of issuerName, baseCertificateID
    -- or objectDigestInfo MUST be present
}

IssuerSerial ::= SEQUENCE {
    issuer      GeneralNames,
    serial      CertificateSerialNumber,
    issuerUID   UniqueIdentifier OPTIONAL
}

AttCertValidityPeriod ::= SEQUENCE {
    notBeforeTime  GeneralizedTime,
    notAfterTime   GeneralizedTime
}

Attribute ::= SEQUENCE { 

type AttributeType, 
values SET OF AttributeValue 
-- at least one value is required 

} 

AttributeType ::= OBJECT IDENTIFIER 
AttributeValue ::= ANY DEFINED BY AttributeType 
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name      id-aca-authenticationInfo
OID       { id-aca 1 }
Syntax    SvceAuthInfo
values: Multiple allowed 

SvceAuthInfo ::= SEQUENCE {
    service   GeneralName,
    ident     GeneralName,
    authInfo  OCTET STRING OPTIONAL
}
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